OK, here’s the thing. Many senior executives I know don’t like social media or don’t understand it. Some are from the corporate species and think that company policies won’t allow them, that the risk would be too high, the cost unjustifiable, that they’ll have to learn too many things and waste rare and precious time for non-existent or unquantifiable returns. Or they may be founders of young organisations that get the tech but just don’t know where to start to derive real benefits quickly.

26 August 2014

For those who know me well enough, they will be aware that I mentor people from various walks of life... For the others, this is my small way of giving back to the industries that have served me well throughout my career by sharing tips and techniques I have learned and tried over the years, such as they are... As I can only effectively mentor four people personally at any given time, I thought I’d write this post which I hope some of you might find useful...

I love cupcakes. I love baking them and I love eating them...
I also love finding analogies trying to explain relatively complex (or simple but little understood) concepts using everyday situations. And
today was my cupcake day, and a few friends last week asked me to explain how "The Cloud" works, so I just put two and two together and
came up with a simple picture...

Have you ever wondered what the Payments Services Directive 2 (PSD 2) is all about?... Been put off by reading 102 pages of regulations (plus related reading)?... Have an inkling that information security is part of it?...
[UPDATED 5TH MAY 2014]
I originally published a 5 mins video and asked for feedback at my 1st publishing attempt on YouTube. My thanks go to all those payments & security professional that took the time to review it, this latest effort wouldn't have been possible without them. The result is two shorter videos of 2 mins each (with different cool jazz tracks...) that are much more streamlined...
As always, your views and comments are much appreciated!

The always eagerly awaited Verizon DBIR 2014 was released earlier this year. As always, with a nice cup of coffee and some smooth jazz playing in the background, I will endeavour to distil the essence of this always excellent publication... Well, this year, the DBIR departs from just analysing data breaches to looking at 63,347 confirmed security incidents, of which 1,367 were confirmed data breaches (compared to 621 for 2012) across 95 countries (compared to 27 in 2012). This gives far greater richness to the data set and the insights that can be derived from it (rightly so, the DBIR team notes that incidents need not necessarily result on data loss to have a significant impact on an organisation – I couldn’t agree more!). Also don’t miss the month by month review of the major incidents of 2013 on pages 3 & 4, that’ll get you in the mood...

McAfee Labs' latest report reveals that hackers are using basic 'off the shelf' malware to target retail POS systems, a very topical subject, I’m sure you will agree... But we have to remember that the breaches mentioned in the McAfee report took place in the US, and there is one notable difference between retailers there and those in Europe: the US haven’t yet adopted EMV (aka Chip & PIN)...

I first wrote on this subject in May 2012 (The social media side of incident response).
Today, it is still my most popular entry on this blog with 5,430 unique views as I write. This means that in any given day since I published it, 6 people somewhere in the world have read that post... I am at once flattered and amazed that some musings derived from the good, bad and ugly of how businesses have tackled crisis communications in the past few years still very much resonate with a lot of you. So here’s the 2014 version...